cve/published/2023/CVE-2023-52525.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-52525: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet

 Only skip the code path trying to access the rfc1042 headers when the
 buffer is too small, so the driver can still process packets without
 rfc1042 headers.

 The Linux kernel CVE team has assigned CVE-2023-52525 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.14.326 with commit f517c97fc129995de77dd06aa5a74f909ebf568f and fixed in 4.14.327 with commit 71b1d2b57f145c8469aa9346f0fd57bf59b2b89c
 	Issue introduced in 4.19.295 with commit 8824aa4ab62c800f75d96f48e1883a5f56ec5869 and fixed in 4.19.296 with commit 16cc18b9080892d1a0200a38e36ae52e464bc555
 	Issue introduced in 5.4.257 with commit 29eca8b7863d1d7de6c5b746b374e3487d14f154 and fixed in 5.4.258 with commit b8e260654a29de872e7cb85387d8ab8974694e8e
 	Issue introduced in 5.10.195 with commit 3fe3923d092e22d87d1ed03e2729db444b8c1331 and fixed in 5.10.198 with commit 10a18c8bac7f60d32b7af22da03b66f350beee38
 	Issue introduced in 5.15.132 with commit 7c54b6fc39eb1aac51cf2945f8a25e2a47fdca02 and fixed in 5.15.135 with commit 5afb996349cb6d1f14d6ba9aaa7aed3bd82534f6
 	Issue introduced in 6.1.53 with commit 3975e21d4d01efaf0296ded40d11c06589c49245 and fixed in 6.1.57 with commit 6b706286473db4fd54b5f869faa67f4a8cb18e99
 	Issue introduced in 6.5.3 with commit 650d1bc02fba7b42f476d8b6643324abac5921ed and fixed in 6.5.7 with commit be2ff39b1504c5359f4a083c1cfcad21d666e216
 	Issue introduced in 6.4.16 with commit a7300e3800e9fd5405e88ce67709c1a97783b9c8

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-52525
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/wireless/marvell/mwifiex/sta_rx.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/71b1d2b57f145c8469aa9346f0fd57bf59b2b89c
 	https://git.kernel.org/stable/c/16cc18b9080892d1a0200a38e36ae52e464bc555
 	https://git.kernel.org/stable/c/b8e260654a29de872e7cb85387d8ab8974694e8e
 	https://git.kernel.org/stable/c/10a18c8bac7f60d32b7af22da03b66f350beee38
 	https://git.kernel.org/stable/c/5afb996349cb6d1f14d6ba9aaa7aed3bd82534f6
 	https://git.kernel.org/stable/c/6b706286473db4fd54b5f869faa67f4a8cb18e99
 	https://git.kernel.org/stable/c/be2ff39b1504c5359f4a083c1cfcad21d666e216
 	https://git.kernel.org/stable/c/aef7a0300047e7b4707ea0411dc9597cba108fc8
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-52525: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet

	Only skip the code path trying to access the rfc1042 headers when the
	buffer is too small, so the driver can still process packets without
	rfc1042 headers.

	The Linux kernel CVE team has assigned CVE-2023-52525 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.14.326 with commit f517c97fc129995de77dd06aa5a74f909ebf568f and fixed in 4.14.327 with commit 71b1d2b57f145c8469aa9346f0fd57bf59b2b89c
	Issue introduced in 4.19.295 with commit 8824aa4ab62c800f75d96f48e1883a5f56ec5869 and fixed in 4.19.296 with commit 16cc18b9080892d1a0200a38e36ae52e464bc555
	Issue introduced in 5.4.257 with commit 29eca8b7863d1d7de6c5b746b374e3487d14f154 and fixed in 5.4.258 with commit b8e260654a29de872e7cb85387d8ab8974694e8e
	Issue introduced in 5.10.195 with commit 3fe3923d092e22d87d1ed03e2729db444b8c1331 and fixed in 5.10.198 with commit 10a18c8bac7f60d32b7af22da03b66f350beee38
	Issue introduced in 5.15.132 with commit 7c54b6fc39eb1aac51cf2945f8a25e2a47fdca02 and fixed in 5.15.135 with commit 5afb996349cb6d1f14d6ba9aaa7aed3bd82534f6
	Issue introduced in 6.1.53 with commit 3975e21d4d01efaf0296ded40d11c06589c49245 and fixed in 6.1.57 with commit 6b706286473db4fd54b5f869faa67f4a8cb18e99
	Issue introduced in 6.5.3 with commit 650d1bc02fba7b42f476d8b6643324abac5921ed and fixed in 6.5.7 with commit be2ff39b1504c5359f4a083c1cfcad21d666e216
	Issue introduced in 6.4.16 with commit a7300e3800e9fd5405e88ce67709c1a97783b9c8

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52525
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/wireless/marvell/mwifiex/sta_rx.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/71b1d2b57f145c8469aa9346f0fd57bf59b2b89c
	https://git.kernel.org/stable/c/16cc18b9080892d1a0200a38e36ae52e464bc555
	https://git.kernel.org/stable/c/b8e260654a29de872e7cb85387d8ab8974694e8e
	https://git.kernel.org/stable/c/10a18c8bac7f60d32b7af22da03b66f350beee38
	https://git.kernel.org/stable/c/5afb996349cb6d1f14d6ba9aaa7aed3bd82534f6
	https://git.kernel.org/stable/c/6b706286473db4fd54b5f869faa67f4a8cb18e99
	https://git.kernel.org/stable/c/be2ff39b1504c5359f4a083c1cfcad21d666e216
	https://git.kernel.org/stable/c/aef7a0300047e7b4707ea0411dc9597cba108fc8